The consequences of CrowdStrike’s malicious software update became clear this week, as system administrators and IT staff scrambled to get digital systems up and running again and operations back to normal. Elsewhere, the Olympics kicked off this week and Paris is set with a controversial new surveillance system that hints at a future of ubiquitous CCTV camera coverage. And researchers revealed new findings this week about the innovative malware Russia used in January to sabotage a heating company in Lviv and cut off heat to 600 Ukrainian buildings at the coldest time of the year.
The US Department of Defense has a $141 billion plan to modernize intercontinental ballistic missiles and their silos around the country. Meanwhile, the European Commission is earmarking €7.3 billion for defense research — from drones and tanks to battleships and space intelligence — over the next seven years. And hackers have set up a “ghost” network to quietly spread malware on the Microsoft-owned GitHub developer platform.
In more encouraging news, a former Google engineer has built a prototype search engine, called webXray, intended to allow users to find specific online privacy violations, determine which sites are tracking them, and see where all that data is going.
And there’s more. Every week, we round up the security news we didn’t cover in depth. Click on the headlines to read the full stories and stay safe.
Leaked files obtained by the Guardian reveal that the Israeli government took extraordinary measures to prevent information about the Pegasus spy system from falling into the hands of US courts, including seizing files directly from the company to prevent legal disclosure. The spyware is the product of the Israel-based NSO Group. It allows users to infect smartphones, extract messages and photos, record calls and secretly activate microphones. The NSO Group is facing legal action in the US brought by WhatsApp, which claims the company designed Pegasus to target users of its messaging software. According to WhatsApp, more than 1,400 of its users were targeted. NSO, whose software has allegedly been hacked, is now facing legal action in the US brought by WhatsApp, which claims the company designed Pegasus to target users of its messaging software. According to WhatsApp, more than 1,400 of its users were targeted. tied to the harassment and murder of journalist Jamal Khashoggi, has denied any wrongdoing.
In an effort to thwart BIOS-based threats, fueled in part by the deployment of a powerful rootkit designed by a Chinese researcher in 2007, Secure Boot became a widely adopted tool. Unfortunately, researchers at security firm Binarly have revealed that Secure Boot is now “fully compromised” on over 200 device models, affecting major hardware manufacturers such as Dell, Acer, and Intel. The incident was the result of a weak cryptographic key used to establish trust between hardware and firmware systems. AMI, the owner of the key, says it was intended to be used for testing and should never have made it to production.
Following in the footsteps of Meta, Elon Musk’s X quietly adjusted its settings this week to give the company’s AI system, known as Grok, access to all of its users’ posts. There is a way to prevent Grok from ingesting your posts; however, you can’t do this from the mobile app. You’ll need to log into X’s account. Settings Using a desktop computer; select Privacy & Securitythen select Riddleand then uncheck the box. Or just go straight ahead here to go directly to the correct settings page. (You can also delete your Grok conversation history, if you have one, by clicking Delete conversation history.)
